Are there Linux distros without the SELinux portion in the kernel? Sorry if that's a dumb question ;), but my distro (Debian) has it and I see that it's in the kernel on kernel.org, so I was wondering if it's so popular that every distro has it, or whether some delete this portion of the kernel and use something else. If there are distros without this kernel part (and I mean totally deleted, not just disabled and waiting to be enabled on boot like in Debian), could you give some examples?

Well, maybe I want to use something else. What do you have against someone controlling his own machine and disabling 'security' features which he found to not be as effective as their authors claim? There are some vulnerabilities which are easier to exploit with SELinux enabled.
– Phil Aug 31 '09 at 17:19

2

I can't speak for Phil, but in my opinion, any utility that breaks much, much more than it fixes is a candidate for avoidance.
– kmarsh Aug 31 '09 at 18:58

6 Answers
6

If you are concerned about which modules and features are compiled into your kernel, you should maintain your own kernel, compiled by you. Debian has a system named make_kpkg to facilitate this process. You can copy over a stable config from /boot to the new kernel source tree and load that into your custom build so you don't have to configure everything from scratch. Then you have complete freedom to manually scan through every single kernel configuration setting, including SELinux.

SELinux ships with Debian, but it's disabled by default. There is a lot you need to do to enable it, so I wouldn't worry. The only reason it's there is because a lot of companies that use Debian on their servers require SELinux -- so Debian offers it as a choice, but doesn't force it on any of its users.
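
The distinction raised in the question (SELinux compiled out of the kernel versus compiled in but off by default) can be read from the build config that the answer mentions in /boot. The following is an added example, not part of the original answers; the function names, the sample configs, and the treatment of selinux, apparmor and smack as the mutually exclusive LSMs are assumptions of the example.

```shell
# Added example: classify SELinux support from a kernel build config file.
selinux_build_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # "=y" means compiled in; "# ... is not set" or a missing line means compiled out.
    if ! grep -q '^CONFIG_SECURITY_SELINUX=y$' "$cfg"; then
        echo "absent"; return 0
    fi
    # Older kernels: the boot-time default is itself a build option.
    val=$(sed -n 's/^CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=\([01]\)$/\1/p' "$cfg")
    case $val in
        1) echo "built-in default-on";  return 0 ;;
        0) echo "built-in default-off"; return 0 ;;
    esac
    # Newer kernels: CONFIG_LSM is an ordered list of LSMs to initialise.
    lsm=$(sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p' "$cfg")
    [ -n "$lsm" ] || { echo "built-in default-unknown"; return 0; }
    # Assumption: of the exclusive LSMs, only the first one listed is activated.
    first=$(printf '%s\n' "$lsm" | tr ',' '\n' |
            grep -E '^(selinux|apparmor|smack)$' | head -n 1)
    [ "$first" = selinux ] && echo "built-in default-on" || echo "built-in default-off"
}

# Constructed sample configs (not taken from any real distribution).
sample_config() {
    case $1 in
        compiled-out) printf '%s\n' '# CONFIG_SECURITY_SELINUX is not set' ;;
        legacy-off)   printf '%s\n' 'CONFIG_SECURITY_SELINUX=y' \
                          'CONFIG_SECURITY_SELINUX_BOOTPARAM=y' \
                          'CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0' ;;
        modern-on)    printf '%s\n' 'CONFIG_SECURITY_SELINUX=y' \
                          'CONFIG_LSM="lockdown,yama,selinux,apparmor"' ;;
        modern-off)   printf '%s\n' 'CONFIG_SECURITY_SELINUX=y' \
                          'CONFIG_LSM="lockdown,yama,apparmor,selinux"' ;;
    esac
}

# Write one sample to a temp file and classify it.
classify_sample() {
    tmp=$(mktemp) || return 1
    sample_config "$1" > "$tmp"
    selinux_build_state "$tmp"
    rm -f "$tmp"
}

# On a real system: selinux_build_state "/boot/config-$(uname -r)"
for s in compiled-out legacy-off modern-on modern-off; do
    printf '%-13s %s\n' "$s" "$(classify_sample "$s")"
done
```

This reads build-time defaults only; a kernel command-line parameter such as `selinux=0` can still change the state at boot.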